CVE-2026-23390 is a textbook example of how a small tracing feature can become a security concern when real-world workloads push it beyond the assumptions baked into the code. The Linux kernel’s dma_map_sg tracepoint could allocate dynamic arrays large enough to overflow the fixed...
